McAfee M-1250 Deployment Guide - Page 24
Fail-open versus fail-closed, High-availability.
Page 24 highlights
McAfee® Network Security Platform 6.0 Sensor Deployment Modes

High-availability. In in-line mode, the Sensor does become a single point of failure, so the Sensors support complete stateful fail-over, delivering the industry's first true high-availability IPS deployment, similar to what you'd find with firewalls. If you're running in-line, McAfee recommends that you deploy two Sensors redundantly for failover protection.

Figure 6: In-line mode

In in-line mode (seen in the previous figure), the Sensor logically acts as a transparent repeater with minimal latency for packet processing. Unlike bridges, routers, or switches, the Sensor does not need to learn MAC addresses or keep an ARP cache or a routing table.

When deployed in-line, you must specify whether the Sensor port is monitoring inside or outside of the network it is protecting. For example, the Sensor shown in the figure in How complex is your network topology? (on page 9) is monitoring links both inside and outside the network.

Fail-open versus fail-closed

Sensor ports deployed in in-line mode have the option of failing open or closed. Similar in terminology to firewall operation, ports failing open allow traffic to continue to flow. Thus, even if the ports fail, your Sensor does not become a bottleneck; however, monitoring ceases, which may allow bad traffic to impact systems in your network. When ports are configured to fail closed, the Sensor does not allow traffic to continue to flow; thus the failed ports become a bottleneck, stopping all traffic at the Sensor.